Bugtraq mailing list archives
Re: Is _your_ Netscape under remote control
From: ley () cert dfn de (Wolfgang Ley)
Date: Mon, 27 May 1996 15:20:12 +0200
-----BEGIN PGP SIGNED MESSAGE----- Dave Horsfall wrote:
Anyone know whether any versions of Mosaic are susceptible? I don't use Netscrape...
Mosaic (at least the Unix version of NCSA) has two different remote control protocols: 1) via a TCP/IP connection to a port specified by the user: This CCI (Common Client Interface) is diabled by default, but the user is able to activate it (via option, menu or resources). The user has to specify a port number to use for remote control. There is no access control - so if you activate it everyone can connect to the Mosaic process and remote control it. See also: http://www.ncsa.uiuc.edu/SDG/Software/XMosaic/CCI/cci-spec.html 2) via signal handling and a local file: If you send a USR1 signal to the running Mosaic it tries to read commands from /tmp/Mosaic.<pid> Sending a USR1 signal to the process should only be possible by the use running the browser, so this is better than the CCI stuff. This is enabled by default (and can't be switched off). See also: http://www.ncsa.uiuc.edu/SDG/Software/XMosaic/remote-control.html Bye, Wolfgang Ley. - -- Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany Email: ley () cert dfn de Phone: +49 40 54715-262 Fax: +49 40 54715-241 PGP-Key available via finger ley () ftp cert dfn de any key-server or via WWW from http://www.cert.dfn.de/~ley/ ...have a nice day -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMamsCQQmfXmOCknRAQHY+gP/TJA+fABmeh30me+H5gBnNjMc7labALdf IWPCnHf3aUUQPDAMknuLZUEaV4m1Sto0hSvqfhT8IzC5kWSedrS9glOOuEyYbSb3 iyM/b3h9+0dkFde+s3YRpN3RP1+tqtIubWlTVbB8YtZULPWULz2a3k4JSZEJd4RR dZl4C6t/2Oo= =paAR -----END PGP SIGNATURE-----
Current thread:
- Re: Possible bug in solaris2.4 ?, (continued)
- Re: Possible bug in solaris2.4 ? Dave Barr (May 24)
- Re: /dev/openprom problems - Solaris 1 or Solaris 2 Jamie (May 25)
- Re: /dev/openprom problems - Solaris 1 or Solaris 2 Dan Stromberg (May 26)
- Is _your_ Netscape under remote control martinh () mailhost emap co uk (May 24)
- Re: Is _your_ Netscape under remote control Chris Burris (May 24)
- CIAC Bulletin G-25: SUN statd Program Vulnerability David Crawford (May 24)
- Re: Is _your_ Netscape under remote control Phillip Wherry (May 24)
- Re: Is _your_ Netscape under remote control Dave Taylor (May 23)
- Re: Is _your_ Netscape under remote control Darrell Fuhriman (May 24)
- Re: Is _your_ Netscape under remote control Dave Horsfall (May 25)
- Re: Is _your_ Netscape under remote control Wolfgang Ley (May 27)
- Re: Is _your_ Netscape under remote control Sven Neuhaus (May 24)
- Re: Is _your_ Netscape under remote control Roger Espel Llima (May 24)